Information Security Compliance Analyst

About The Position

Requirements

• Technical Foundations Systemic Understanding: A strong grasp of system architecture and data flows. You must understand how interconnected systems affect the scope of security and compliance boundaries.
• Technical Literacy: Ability to interpret network diagrams, encryption standards, and vulnerability reports without requiring basic technical instruction.
• Compliance Expertise: Foundational knowledge of PCI-DSS , NACHA operating rules, and core GRC principles.
• Professional Attributes Autonomous Execution: Proven ability to take a high-level objective and drive it to completion with minimal supervision.
• Audience Awareness: Exceptional communication skills with the ability to tailor complex technical risks into clear, actionable insights for non-technical stakeholders.
• Resourcefulness: A "figure-it-out" mindset—leveraging all available documentation, internal tools, and historical data to resolve ambiguity.
• Analytical Rigor: A natural tendency toward detail; you catch the discrepancies in complex reports that others typically miss.
• 3–5 years of experience in Information Security, IT Audit, or Third-Party Risk Management.
• Technical Depth: Demonstrated experience performing manual security reviews and control assessments (independent of automated GRC "check-the-box" platforms).
• Experience in fast-paced, growth-oriented environments where building processes is as important as following them.

Nice To Haves

• CISA, CRISC, or Security+ are preferred but not required.

Responsibilities

• Strategic Procurement Partnership & Project Management End-to-End Ownership: Act as a dedicated "Procurement Partner" for internal requestors, managing the workflow from initial intake through final vendor approval and onboarding handoff.
• Tiered Risk Assessment: Conduct initial technical security assessments. You will be responsible for defining the scope and risk profile of new vendors, strategically engaging senior technical leads when specific high-risk architectures or complex integrations warrant specialized review.
• Contractual Navigation: Facilitate the legal and contractual review process by translating security requirements into actionable contract language and liaising between Legal, Security, and external vendors.
• Cross-Functional Onboarding: Orchestrate the final onboarding steps by coordinating with Finance, People Ops, and IT Ops to ensure all operational requirements are met before communicating final approval to the organization.
• Annual Vendor Lifecycle & Risk Decisioning Portfolio Management: Proactively manage the recurring annual assessment calendar for our existing vendor ecosystem. This requires exceptional time management to ensure deep-dive reviews are completed in parallel with active procurement projects.
• Critical Risk Analysis: Perform sophisticated analysis of vendor documentation (e.g., SOC reports, SIGs, penetration test summaries). You are expected to synthesize this data to make informed recommendations on risk acceptance, identifying where internal controls can mitigate vendor gaps.
• GRC, Audit Readiness & Privacy Compliance Response: Serve as the "source of truth" for external parties, managing responses to inbound requests for compliance proof (Audit Reports, W9s, COIs, etc.).
• Audit Coordination: Support the evidence collection and control-testing phases for annual audits, including PCI DSS and ACH/NACHA .
• Privacy Operations: Support the Privacy Team as a first-line responder for data subject requests (DSRs) and foundational privacy inquiries.
• Continuous Improvement & Automation Process Engineering: Continuously evaluate the TPRM and GRC lifecycle for bottlenecks; propose and implement workflows that increase efficiency.
• Automation Strategy: Partner with the Infrastructure team to automate manual evidence collection and vendor intake processes.

Benefits

• Competitive salary
• Comprehensive benefits package with employer-paid basic life and disability premiums
• 401K
• Unlimited PTO
• Company-sponsored quarterly “ePayItForward” initiatives
• Supportive and inclusive company culture with a focus on work/life balance
• Fully-stocked kitchen
• Lunch stipend when working onsite
• Open communication (We won’t box you in! If you have a cool idea for a product improvement or a suggestion on how to improve the customer experience, let’s talk about it. We value everyone’s ideas and opinions.)
• Huge opportunity for growth
• We operate on a hybrid schedule for in-office employees. Standard schedules are three days per week in the office, however, the cadence and days are determined by each team and manager.
• We value diversity here at ePayPolicy and understand the importance of creating a safe and comfortable work environment, encouraging individualism and authenticity in every member of our team.
• We strive to create an accessible and inclusive experience for all candidates. If you need an accommodation during the application or recruiting process, please submit a request to our team via this Interview Accommodation form: https://forms.gle/xKppyKTSqfTUi7hz5